From 8bf6a9c07cdde8fc8bbd4bb61a4886ccc02a570f Mon Sep 17 00:00:00 2001 From: Adrian Freihofer Date: Mon, 10 Mar 2025 10:35:44 +0100 Subject: [PATCH] linux-fitimage: sign setup sections MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit If FIT_SIGN_INDIVIDUAL is set to “1”, a signature section is added to all screen sections, but not to the setup section. To match the setup section with all other sections, the signature is also added. This also helps to implement the associated tests generically. This change is intended to make the code more consistent. However, it is not intended to make the FIT_SIGN_INDIVIDUAL function more popular. Technically, it would be better to remove the signature from all other image sections and discard the FIT_SIGN_INDIVIDUAL function, the use of which is no longer recommended anyway. Signed-off-by: Adrian Freihofer Signed-off-by: Richard Purdie --- meta/classes-recipe/kernel-fitimage.bbclass | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/meta/classes-recipe/kernel-fitimage.bbclass b/meta/classes-recipe/kernel-fitimage.bbclass index f41509d308a..07786647e19 100644 --- a/meta/classes-recipe/kernel-fitimage.bbclass +++ b/meta/classes-recipe/kernel-fitimage.bbclass @@ -243,6 +243,8 @@ EOF fitimage_emit_section_setup() { setup_csum="${FIT_HASH_ALG}" + setup_sign_algo="${FIT_SIGN_ALG}" + setup_sign_keyname="${UBOOT_SIGN_IMG_KEYNAME}" cat << EOF >> $1 setup-$2 { @@ -259,6 +261,17 @@ fitimage_emit_section_setup() { }; }; EOF + + if [ "${UBOOT_SIGN_ENABLE}" = "1" -a "${FIT_SIGN_INDIVIDUAL}" = "1" -a -n "$setup_sign_keyname" ] ; then + sed -i '$ d' $1 + cat << EOF >> $1 + signature-1 { + algo = "$setup_csum,$setup_sign_algo"; + key-name-hint = "$setup_sign_keyname"; + }; + }; +EOF + fi } # -- 2.47.3